<?php
// Standard configuration file
include("config.inc.php");

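// Handle a submitted password change.
//
// $status holds the result of CUserAuth::checkPassword(): an array is treated
// as a list of validation messages (printed below the form), anything else as
// "accepted".
//
// NOTE(review): this handler runs before the session check further down and
// keys the UPDATE on $_SESSION['benutzername'] only. The form posts just
// pw/pw2, so neither the current password nor an anti-CSRF token is verified
// in this file - confirm whether config.inc.php or CUserAuth enforces them.
$status = null;
if (isset($_POST['pw']) && is_string($_POST['pw']))
{
    // is_string() rejects array-valued input (pw[]=...) before it reaches md5().
    $status = CUserAuth::checkPassword(
        $_POST['pw'],
        isset($_POST['pw2']) ? $_POST['pw2'] : null,
        $_SESSION['userID']
    );

    // Fetch the DB handle once, before branching: previously it was only
    // assigned in the "edit" branch, so the forced-change branch called
    // prepare() on an undefined variable.
    $sql = CSingleton::get("sql::sql");

    // NOTE(review): md5() is an unsalted, fast hash and is not suitable for
    // password storage. It is left unchanged here because the login code that
    // compares against Mitarbeiter.passwd is not part of this file; migrate
    // both sides together to password_hash() / password_verify().
    if (isset($_GET['action']) && $_GET['action'] == "edit") {
        // Voluntary change by a logged-in user: store the new hash, end the
        // session and send the user back to the login page.
        if (!is_array($status)) {
            $qry = $sql->prepare("UPDATE Mitarbeiter SET passwd = ?, passwd_datum = ? WHERE benutzername = ?");
            $qry->execute(array(md5($_POST['pw']), CUserAuth::genPasswordExpireDate(), $_SESSION['benutzername']));
            CUserAuth::logout();
            header("LOCATION: index.php");
            // Stop here so nothing else is rendered for the logged-out session.
            exit;
        }
    } else {
        // Forced change: additionally reset the account status to 1 and mirror
        // that in the session once exactly one row was updated.
        if (!is_array($status)) {
            $qry = $sql->prepare("UPDATE Mitarbeiter SET passwd = ?, status = 1, passwd_datum = ? WHERE benutzername = ?");
            $qry->execute(array(md5($_POST['pw']), CUserAuth::genPasswordExpireDate(), $_SESSION['benutzername']));
            if ($qry->rowCount() == 1) {
                $_SESSION['status'] = 1;
            }
        }
    }
}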

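// Logged-in users may only stay on this page while their status is 5 or while
// they are in "edit" mode; everyone else is logged out and redirected.
// NOTE(review): status 5 presumably marks "password change required" - confirm.
// The isset() guards avoid undefined-index notices when the parameter or the
// session key is missing; a missing value behaves as before (treated as != 5
// and != "edit").
if (CUserAuth::isLoggedIn()
    && (!isset($_SESSION['status']) || $_SESSION['status'] != 5)
    && !(isset($_GET['action']) && $_GET['action'] == "edit")) {
    header("LOCATION: index.php");
    CUserAuth::logout();
    // Without exit the password form below would still be sent in the
    // response body of the redirect.
    exit;
}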
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Passwort &auml;ndern</title>
</head>
<body>
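<h1>Passwort &auml;ndern (<a href="index.php?logout">logout</a><?php /* Back link only in edit mode; isset() avoids an undefined-index notice being printed into the heading. */ if(isset($_GET['action']) && $_GET['action']=='edit') echo ' | <a href="index.php">zur&uuml;ck zur Startseite</a>';  ?>)</h1>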
<p>Vorgabe:
<ul>
    <li>Mindestens einen Gro&szlig;buchstaben</li>
    <li>Mindestens ein Sonderzeichen</li>
    <li>Genau 8 Zeichen</li>
</ul>
</p>
<?php
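// Render the regular application header only in edit mode. The include path
// is a fixed literal; the request parameter only selects whether it is loaded.
// isset() avoids an undefined-index notice when "action" is absent.
if (isset($_GET['action']) && $_GET['action'] == 'edit') {
    include("module/misc/header.php");
}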
?>
<form action="" method="POST">
    Passwort: <input type="password" name="pw" /><br />
    Passwort best&auml;tigen: <input type="password" name="pw2" /><br />
    <input type="submit" name="submit" value="Anmelden" />
</form>
<?php
// After a submission, list the validation messages when the password check
// returned an array of them.
// NOTE(review): the messages are written without HTML escaping; confirm that
// CUserAuth::checkPassword() returns fixed strings only and never reflects the
// submitted password.
if (isset($_POST['pw']) && is_array($status)) {
    foreach ($status as $message) {
        echo $message, "<br />";
    }
}
?>
</body>
</html>